urlscan.io logo urlscan.io
SecurityTrails logo

brooklynisburning.buzz Open in urlscan Pro
91.234.99.190  Malicious Activity! Public Scan

Go To Rescan Add Verdict Report
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Submission: On April 28 via api from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 4 countries across 5 domains to perform 27 HTTP transactions. The main IP is 91.234.99.190, located in Netherlands and belongs to IHOR-AS, RU. The main domain is brooklynisburning.buzz.
This is the only time brooklynisburning.buzz was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Generic China (Online)

Domain & IP information

IP Address AS Autonomous System
3 91.234.99.190 35196 (IHOR-AS)
3 123.58.177.239 45062 (NETEASE-A...)
5 103.129.252.34 137263 (NETEASE-A...)
1 163.171.128.153 54994 (QUANTILNE...)
2 2a00:1450:400... 15169 (GOOGLE)
2 103.235.46.191 55967 (BAIDU Bei...)
27 7
3    91.234.99.190 (Netherlands)

ASN35196 (IHOR-AS, RU)
brooklynisburning.buzz
3    123.58.177.239 (Hangzhou, China)

ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN)
PTR: m239-177.yeah.net
mimghz.qiye.163.com
5    103.129.252.34 (Hong Kong)

ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK)
mimg.127.net
1    163.171.128.153 (Germany)

ASN54994 (QUANTILNETWORKS, US)
yanxuan.nosdn.127.net
2    2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    103.235.46.191 (Hong Kong)

ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN)
hm.baidu.com
Domain Requested by
5 mimg.127.net brooklynisburning.buzz
3 mimghz.qiye.163.com brooklynisburning.buzz
3 brooklynisburning.buzz brooklynisburning.buzz
2 hm.baidu.com brooklynisburning.buzz
2 www.google-analytics.com brooklynisburning.buzz
1 yanxuan.nosdn.127.net mimghz.qiye.163.com
0 ir.mail.163.com Failed mimg.127.net
0 analytics.163.com Failed brooklynisburning.buzz
0 ssl.mail.163.com Failed brooklynisburning.buzz
0 mail.qiye.163.com Failed brooklynisburning.buzz
0 mimg.qiye.163.com Failed brooklynisburning.buzz
27 11

This site contains links to these domains. Also see Links.

Domain
qiye.163.com
ss.cnnic.cn
Subject Issuer Validity Valid
*.nosdn.127.net
GeoTrust CN RSA CA G1		 2020-03-27 -
2022-06-26		 2 years crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-04-07 -
2020-06-30		 3 months crt.sh
baidu.com
GlobalSign Organization Validation CA - SHA256 - G2		 2020-01-13 -
2020-06-25		 5 months crt.sh

This page contains 1 frames:

Primary Page: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Frame ID: 9EBAC4DE77D73F5394824BBD2120F50C
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • url /\.php(?:$|\?)/i
Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^/]*\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

27
Requests

19 %
HTTPS

17 %
IPv6

5
Domains

11
Subdomains

7
IPs

4
Countries

144 kB
Transfer

296 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21
  • http://www.google-analytics.com/analytics.js HTTP 307
  • https://www.google-analytics.com/analytics.js
Request Chain 23
  • http://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=854078897&gjid=594957300&cid=888002685.1588105809&tid=UA-60729705-1&_gid=260171126.1588105809&_r=1&z=1363132924 HTTP 307
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=854078897&gjid=594957300&cid=888002685.1588105809&tid=UA-60729705-1&_gid=260171126.1588105809&_r=1&z=1363132924

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set qiye.163.logindomain.php
brooklynisburning.buzz/dkfjne/163/ 		20 KB
21 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
91.234.99.190 , Netherlands, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software
Apache /
Resource Hash
5dc409f6561b42c254ead2c29f5facb188c3e95fd6399a8fa76217ef0868010a

Request headers

Host
brooklynisburning.buzz
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding
gzip, deflate
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:51 GMT
Server
Apache
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma
no-cache
Set-Cookie
PHPSESSID=v4su4sftdqvvi3oh5sh2rehri2; path=/
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=UTF-8
login.7d2985bb.css
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/ 		12 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/login.7d2985bb.css
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
123.58.177.239 Hangzhou, China, ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN),
Reverse DNS
m239-177.yeah.net
Software
nginx /
Resource Hash
8305dfa05e7ee9e7e6a389193b23ee62afb0148f845a6fd89d7b76199718ce0e

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:52 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Mar 2018 01:59:57 GMT
Server
nginx
ETag
W/"5ab1bc9d-2e0e"
Vary
Accept-Encoding
X-Cache
HIT from ntes_qiye
Content-Type
text/css
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Thu, 25 Apr 2030 00:38:52 GMT
jquery-1.11.1.min.js
brooklynisburning.buzz/dkfjne/163/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
http://brooklynisburning.buzz/dkfjne/163/js/jquery-1.11.1.min.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
91.234.99.190 , Netherlands, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software
Apache /
Resource Hash

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:51 GMT
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
315
Content-Type
text/html; charset=iso-8859-1
login.js
brooklynisburning.buzz/dkfjne/163/ 		378 B
633 B 		Script
General
Check archive.org
Download Go to
Full URL
http://brooklynisburning.buzz/dkfjne/163/login.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
91.234.99.190 , Netherlands, ASN35196 (IHOR-AS, RU),
Reverse DNS
Software
Apache /
Resource Hash
d25d2066af8d3c8dcd207de3f3253328c0b767c18907a96bd5cf681df9b1fc71

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:51 GMT
Last-Modified
Tue, 04 Jun 2019 21:48:24 GMT
Server
Apache
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
378
jquery-1.8.1.min.js
mimg.127.net/p/tools/jquery/ 		91 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mimg.127.net/p/tools/jquery/jquery-1.8.1.min.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:52 GMT
Content-Encoding
gzip
Last-Modified
Wed, 19 Sep 2012 06:53:03 GMT
Server
nginx
ETag
W/"50596bcf-16a79"
Vary
Accept-Encoding, Origin
X-Cache
HIT from HKGM
Content-Type
application/x-javascript
Cache-Control
max-age=315360000
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Mon, 31 Dec 2029 03:59:40 GMT
base_v3.js
mimg.127.net/index/lib/scripts/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mimg.127.net/index/lib/scripts/base_v3.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:52 GMT
Content-Encoding
gzip
Last-Modified
Tue, 05 Nov 2013 10:13:30 GMT
Server
nginx
ETag
W/"5278c4ca-5d69"
Vary
Accept-Encoding
X-Cache
HIT from HKGM
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Transfer-Encoding
chunked
Connection
keep-alive
Expires
Tue, 28 Apr 2020 21:18:11 GMT
qiye_algorithm.js
mimg.qiye.163.com/o/index/lib/scripts/ 		0
0
logo.gif
mimg.qiye.163.com/o/public/ 		0
0
getqrcode.do
mail.qiye.163.com/mailapp/commonweb/qrcode/ 		0
0
netease_logo.gif
mimg.127.net/logo/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://mimg.127.net/logo/netease_logo.gif
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:30:04 GMT
Last-Modified
Wed, 01 Dec 2010 02:06:41 GMT
Server
nginx
ETag
"4cf5adb1-4ec"
X-Cache
HIT from HKGM
Content-Type
image/gif
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1260
Expires
Tue, 28 Apr 2020 21:07:34 GMT
knet.png
mimg.127.net/logo/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://mimg.127.net/logo/knet.png
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:30:04 GMT
Last-Modified
Wed, 16 May 2012 09:47:58 GMT
Server
nginx
ETag
"4fb377ce-1203"
X-Cache
HIT from HKGM
Content-Type
image/png
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4611
Expires
Tue, 28 Apr 2020 20:34:27 GMT
year.js
mimg.127.net/copyright/ 		23 B
438 B 		Script
General
Check archive.org
Download Go to
Full URL
http://mimg.127.net/copyright/year.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
103.129.252.34 , Hong Kong, ASN137263 (NETEASE-AS-AP NETEASE HONG KONG LIMITED, HK),
Reverse DNS
Software
nginx /
Resource Hash
098ec9249cb3e97872e1862b4400b9db4c6622a4d089b64b752ffc73b3ef7a30

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:29:54 GMT
Last-Modified
Wed, 12 Jun 2019 10:49:21 GMT
Server
nginx
ETag
"5d00d8b1-17"
X-Cache
HIT from HKGM
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*.163.com *.126.com *.yeah.net *.tryfun.com
Cache-Control
max-age=29209901
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
23
Expires
Thu, 11 Jun 2020 10:49:21 GMT
httpsEnable.gif
ssl.mail.163.com/ 		0
0
ntes.js
analytics.163.com/ 		0
0
login.1a392b93.js
mimghz.qiye.163.com/o/mailapp/qiyelogin/js/ 		21 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/js/login.1a392b93.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
123.58.177.239 Hangzhou, China, ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN),
Reverse DNS
m239-177.yeah.net
Software
nginx /
Resource Hash
18fd0aab2eecc8cef072a5b167f40da282cfb3f0e73f6a4f5a49080ec93d88f1

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:30:04 GMT
Last-Modified
Wed, 23 Jan 2019 08:18:19 GMT
Server
nginx
ETag
"5c48234b-53b4"
X-Cache
HIT from ntes_qiye
Content-Type
application/javascript
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
21428
Expires
Thu, 25 Apr 2030 12:34:54 GMT
login.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ 		0
0
sprite.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ 		0
0
speedbg.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ 		0
0
codebg.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/codebg.png
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Server
123.58.177.239 Hangzhou, China, ASN45062 (NETEASE-AS Guangzhou NetEase Computer System Co., Ltd., CN),
Reverse DNS
m239-177.yeah.net
Software
nginx /
Resource Hash
8696828c26cab79a60130d39242aa14bbcc38181ec2cfcb4320d5100f82fbf9e

Request headers

Referer
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/css/login.7d2985bb.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:30:07 GMT
Last-Modified
Thu, 13 Nov 2014 10:33:23 GMT
Server
nginx
ETag
"546488f3-1665"
X-Cache
HIT from ntes_qiye
Content-Type
image/png
Cache-Control
max-age=315360000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5733
Expires
Mon, 22 Apr 2030 22:28:48 GMT
applogin_example.png
mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/ 		0
0
stat.min.js
yanxuan.nosdn.127.net/hxm/yanxuan-analytics/common/js/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yanxuan.nosdn.127.net/hxm/yanxuan-analytics/common/js/stat.min.js?v=1588105808498
Requested by
Host: mimghz.qiye.163.com
URL: http://mimghz.qiye.163.com/o/mailapp/qiyelogin/js/login.1a392b93.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
163.171.128.153 , Germany, ASN54994 (QUANTILNETWORKS, US),
Reverse DNS
Software
nos/v0.0.14 /
Resource Hash
e2b40b89439fa8cff19153f2cfc20061ead316635d62e596773ea008a45d13df

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 28 Apr 2020 20:30:08 GMT
content-encoding
gzip
x-nos-object-name
hxm%2Fyanxuan-analytics%2Fcommon%2Fjs%2Fstat.min.js
x-nos-request-id
e88f366b-cd52-4e87-9380-60e43c8eca92
x-cache
MISS from cache.51cdn.com
x-via
1.1 sanxian246:2 (Cdn Cache Server V2.0), 1.1 PSelsmskMOW3oa101:8 (Cdn Cache Server V2.0), 1.1 PSdgflkfFRA1bc95:7 (Cdn Cache Server V2.0)
status
200
content-disposition
inline; filename="hxm%2Fyanxuan-analytics%2Fcommon%2Fjs%2Fstat.min.js"
x-nos-storage-class
STANDARD
last-modified
Thu, 23 Apr 2020 15:05:35 Asia/Shanghai
server
nos/v0.0.14
etag
5489d67939344b548d1ed492b12aa4cf
x-nos-requesttype
GetObject
x-ws-request-id
5ea89250_PSdgflkfFRA1eq9_23965-30281
content-type
application/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=2592000
get.do
ir.mail.163.com/ 		0
0
analytics.js
www.google-analytics.com/
Redirect Chain
  • http://www.google-analytics.com/analytics.js
  • https://www.google-analytics.com/analytics.js
44 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
5628
date
Tue, 28 Apr 2020 18:56:20 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Tue, 28 Apr 2020 20:56:20 GMT

Redirect headers

Location
https://www.google-analytics.com/analytics.js
Non-Authoritative-Reason
HSTS
hm.js
hm.baidu.com/ 		38 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hm.baidu.com/hm.js?c5b84290a8ff010ee2699f3f4eaa21d6
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
1f994bb7bfddfc2279182afe5beede13efe737b62a114b72146a8e2ca60d4bc2
Security Headers
Name Value
Strict-Transport-Security max-age=172800

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 28 Apr 2020 20:30:09 GMT
Content-Encoding
gzip
Server
apache
Etag
3279e92d8ff1b702357f56ea763a7407
Strict-Transport-Security
max-age=172800
P3p
CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control
max-age=0, must-revalidate
Content-Type
application/javascript
Content-Length
13828
collect
www.google-analytics.com/r/
Redirect Chain
  • http://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%...
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6...
35 B
111 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=854078897&gjid=594957300&cid=888002685.1588105809&tid=UA-60729705-1&_gid=260171126.1588105809&_r=1&z=1363132924
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 28 Apr 2020 20:30:08 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1804916641&t=pageview&_s=1&dl=http%3A%2F%2Fbrooklynisburning.buzz%2Fdkfjne%2F163%2Fqiye.163.logindomain.php&ul=en-us&de=UTF-8&dt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEAB~&jid=854078897&gjid=594957300&cid=888002685.1588105809&tid=UA-60729705-1&_gid=260171126.1588105809&_r=1&z=1363132924
Non-Authoritative-Reason
HSTS
594.jpg
mimg.qiye.163.com/p/official_site/2018/img/11/ 		0
0
hm.gif
hm.baidu.com/ 		43 B
299 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hm.baidu.com/hm.gif?cc=1&ck=1&cl=24-bit&ds=1600x1200&vl=1200&et=0&ja=0&ln=en-us&lo=0&rnd=1971400683&si=c5b84290a8ff010ee2699f3f4eaa21d6&v=1.2.74&lv=1&sn=61690&r=0&ww=1600&ct=!!&tt=%E7%BD%91%E6%98%93%E4%BC%81%E4%B8%9A%E9%82%AE%E7%AE%B1%20-%20%E7%99%BB%E5%BD%95%E5%85%A5%E5%8F%A3
Requested by
Host: brooklynisburning.buzz
URL: http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
103.235.46.191 , Hong Kong, ASN55967 (BAIDU Beijing Baidu Netcom Science and Technology Co., Ltd., CN),
Reverse DNS
Software
apache /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
Security Headers
Name Value
Strict-Transport-Security max-age=172800
X-Content-Type-Options nosniff

Request headers

Referer
http://brooklynisburning.buzz/dkfjne/163/qiye.163.logindomain.php
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 28 Apr 2020 20:30:10 GMT
X-Content-Type-Options
nosniff
Server
apache
Strict-Transport-Security
max-age=172800
Content-Type
image/gif
Cache-Control
private, max-age=0, no-cache
Content-Length
43

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mimg.qiye.163.com
URL
http://mimg.qiye.163.com/o/index/lib/scripts/qiye_algorithm.js
Domain
mimg.qiye.163.com
URL
http://mimg.qiye.163.com/o/public/logo.gif
Domain
mail.qiye.163.com
URL
https://mail.qiye.163.com/mailapp/commonweb/qrcode/getqrcode.do?w=130&h=130
Domain
ssl.mail.163.com
URL
https://ssl.mail.163.com/httpsEnable.gif
Domain
analytics.163.com
URL
http://analytics.163.com/ntes.js
Domain
mimghz.qiye.163.com
URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/login.png
Domain
mimghz.qiye.163.com
URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/sprite.png
Domain
mimghz.qiye.163.com
URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/speedbg.png
Domain
mimghz.qiye.163.com
URL
http://mimghz.qiye.163.com/o/mailapp/qiyelogin/style/img/applogin_example.png
Domain
ir.mail.163.com
URL
https://ir.mail.163.com/get.do?prod=qiyeMail&mod=4&_time=1588105808503&callback=gAd.callback
Domain
mimg.qiye.163.com
URL
https://mimg.qiye.163.com/p/official_site/2018/img/11/594.jpg

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Generic China (Online)

70 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| log function| $ function| jQuery function| fCheckLoginNow function| fCheckAutoLogin function| fAutoLogin undefined| gbForcepc object| oAndroidRedirect function| fCheckBrowser function| fHtml5Tag function| fCheckCookie function| fGetQuery function| fGetQueryHash function| $id function| fTrim function| fParseMNum function| fCheckAccount function| fGetScript function| fGetCookie function| fSetCookie function| fEventListen function| fEventUnlisten function| fRandom function| fUrlP function| fResize function| fFQ function| fStartTime object| gUserInfo object| gVisitorCookie undefined| gMobileNumMailIsForbidden undefined| gMobileNumMailResult object| gMobileNumMail function| fEnData function| loginRequest function| getRnd undefined| DOMContentLoaded function| DOMREADY string| base64EncodeChars function| base64encode function| utf16to8 function| fGetLocator function| fSetGadIndex number| offset function| MobCallback boolean| bGettingAlgorithm object| gIndexAd number| gDocHeight function| resizeBody function| getQueryStr string| _ntes_nacc string| addresses function| fSpeedTest function| fSpd object| YXStat object| jQuery18109050648949938342 undefined| gAd.callback object| gAd string| GoogleAnalyticsObject function| ga object| _hmt object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| JSON3 function| onWebViewStatisticsDidAppear boolean| _bdhm_loaded_c5b84290a8ff010ee2699f3f4eaa21d6 object| mini_tangram_log_8non84

0 Cookies

1 Console Messages

Source Level URL
Text
console-api log URL: http://mimghz.qiye.163.com/o/mailapp/qiyelogin/js/login.1a392b93.js(Line 1)
Message:
connection fail...

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.163.com
brooklynisburning.buzz
hm.baidu.com
ir.mail.163.com
mail.qiye.163.com
mimg.127.net
mimg.qiye.163.com
mimghz.qiye.163.com
ssl.mail.163.com
www.google-analytics.com
yanxuan.nosdn.127.net
analytics.163.com
ir.mail.163.com
mail.qiye.163.com
mimg.qiye.163.com
mimghz.qiye.163.com
ssl.mail.163.com
103.129.252.34
103.235.46.191
123.58.177.239
163.171.128.153
2a00:1450:4001:81d::200e
91.234.99.190
098ec9249cb3e97872e1862b4400b9db4c6622a4d089b64b752ffc73b3ef7a30
17add961a686edb5b25996bcc4e08a14e5e36b6a1796ffbbb9cc751e7ca97ac8
18fd0aab2eecc8cef072a5b167f40da282cfb3f0e73f6a4f5a49080ec93d88f1
1f994bb7bfddfc2279182afe5beede13efe737b62a114b72146a8e2ca60d4bc2
5dc409f6561b42c254ead2c29f5facb188c3e95fd6399a8fa76217ef0868010a
8305dfa05e7ee9e7e6a389193b23ee62afb0148f845a6fd89d7b76199718ce0e
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8696828c26cab79a60130d39242aa14bbcc38181ec2cfcb4320d5100f82fbf9e
a0ceb7edc5991f85a9613588811fee01502816f4a31ed92b19b348c07854f052
a1305347219d673cc973172494248e557ce8eccaf65af995c07c9d7daed4475d
b13de2eb10e93a66f6332b6ccb258bcf1502362a89b91c16f78ea425562e40a0
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d25d2066af8d3c8dcd207de3f3253328c0b767c18907a96bd5cf681df9b1fc71
e2b40b89439fa8cff19153f2cfc20061ead316635d62e596773ea008a45d13df
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d